Wiki

Clone wiki

snakeyaml / PGP Signatures

PGP Signatures

Deployment at Sonatype requires valid PGP signature.

To see the present keys:

gpg --list-keys

Generating a Key Pair

gpg --gen-key
* Select RSA * 1024 bits * valid for 5 years * Real name = Andrey Somov * Email address = public.somov@gmail.com * Comment = SnakeYAML

gpg: key 0BCBAB99 marked as ultimately trusted
public and secret key created and signed.

Delete a Sub Key

Maven as well as Nexus can only verify against a primary key. It should be removed if it was automatically created.

gpg --edit-key 0BCBAB99
key 1
delkey

Distributing Your Public Key

Distribute the public key to a key server:

gpg --keyserver hkp://pool.sks-keyservers.net --send-keys 0BCBAB99
It should be possible to find the key. The search string "SnakeYAML".

Maven configuration

Put the generated key to $HOME/.m2/settings.xml

<settings>

    <servers>
        <server>
            <id>sonatype-nexus-snapshots</id>
            <username>py4fun</username>
            <password>***</password>
        </server>

        <server>
            <id>sonatype-nexus-staging</id>
            <username>py4fun</username>
            <password>***</password>
        </server>
    </servers>


    <profiles>
        <profile>
            <id>gpginfo</id>
            <properties>
                <gpg.keyname>0BCBAB99</gpg.keyname>
                <gpg.passphrase>***</gpg.passphrase>
            </properties>
        </profile>
    </profiles>

    <activeProfiles>
        <activeProfile>gpginfo</activeProfile>
    </activeProfiles>

</settings>

Updated